Ok Rick, don't be mad but I have to thump you... You need to make your posts at least as long as your signature. An 8 line sig for a 3 line post is crazy insane. Especially when we haven't heard from you in like months.
joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Tuesday, August 17, 2004 1:09 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] w2k authoritative restore Heh...take a hiatus from the list, and look who shows up.... We're getting quite a good list of 'who's who' in MS AD that drops in now and again. Good to hear from you, Brett. You still as cynical as always? <I hope...> Rick Kingslan MCSE, MCSA, MCT, CISSP Microsoft MVP: Windows Server / Directory Services Windows Server / Rights Management Windows Security (Affiliate) Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, August 16, 2004 1:25 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] w2k authoritative restore Auth restore will auth restore attributes that _exist_ in the backup as they were at the time of backup, but not auth restore attributes that didn't exist. Ergo it kind of works as a merge of old attributes that were set and new attributes that were set post backup. ... So is the CA data perhaps in attributes that are not set on the backup objects? Further like we merge the attributes that are auth restored over any existing ones, we also merge in objects as well. So a new object post backup will not get "auth restored" (i.e. the closes thing woudl be to delete the new object) Just grasping at straws, don't know much specifics about CA or ADC. Cheers, Brett Shirley (msft) AD Developer On Mon, 16 Aug 2004 [EMAIL PROTECTED] wrote: > dear all, sorry to "bomb" the list with queries, but was hoping to get > a heads up on this issue of authoritative restore subsequent to a > directory modification using ADC > > we are testing the procedure of rollback of a domain that has been > modified using an ADC connection agreement > > i have a backup set taken prior to the processing of the ADC CA and > can confirm the successful restore of a DC to the prior state. (no > email address in the user objects no CA objects etc) > > despite the fact that this data is restored authoritatively as soon as > the restored DC is attached to the network with its DS started the > data prior to the CA processing is overwritten with the data from an > another server > > have followed what seems to be a simple process of auth restore; > > 1. boot into DS restore > 2. restore system state and c: using the original location / always > overwrite 3. restart 4. boot into DS restore mode 5. run ntdsutil / > authoritative restore / restore database > > my first thought was that the ADC has created that many chages that > the default version increment of auth restore (7000000) is not enough > for the restored DC to have higher USN than the server that is left > online > > have tried auth restore with the verinc value of 10000000 but still > the old data gets overwritten > > any clues ?? > > GT > > > > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
